Twitter

How Secure Is Your Data Store?

Article views

3930

VIEWS

In the business world today, the data held by a company can often be their most valuable asset. The value of the data is also dependent on its quality, so the more time you spend making sure that it is fit-for-purpose, the more value can be extracted. These values can be significant too, with the Verizon Data Breach Report reporting an average cost of $201 per lost record in 2014.

Therefore, keeping it safe and secure should be at the forefront of company strategies, but this is rarely the case. When this happens you have situations such as for Ashley Madison or Carphone Warehouse, whereby huge and valuable datasets are stolen or leaked. It is like having a car that you spend several thousand on, but leave it in a high crime rate area, most of the time it won't get stolen, but the chances of it being taken are much higher than they need to be.

One of the key reasons for this lapse in security is that many of the most popular platforms, like Hadoop, have in-built security. The danger here is that people think that their data is safe because of these systems, which is true to a degree, but having only these systems in place is like locking your car - it can still be broken into relatively easily.

Dale Kim, Director of Industry Solutions at MapR Technologies, in an article for CBR, makes the point that the security capabilities of Hadoop are dependent on the specific deployment of the company, meaning that 'there is no universal standard for security so professionals have the opportunity to investigate and devise the best process for their individual environment.'

So what other elements should you be looking at when protecting your data?

Machine Learning

The concept of machine learning for data security involves companies quickly analyzing patterns and trends, allowing for potential anomalous actions to be quickly identified and acted upon. One company protecting their data in exactly this way is the UK bookmaker William Hill, who have adopted it to protect against the almost constant threat of hacking they face.

Finbarr Joy, Chief Technology Officer at William Hill explained that the benefit of using machine learning in this manner was that, ‘when things are happening outside of the normal patterns, it makes those explicit then you can zero in on them. It's a good example of how a machine can learn what's normal and therefore can spot anomalies much more easily than a thousand people.’

Moving To The Cloud

The simple truth about keeping data safe is that if you have a large team of well-educated security experts in charge of the operation, it will probably be better than a smaller team with less training. This means that through utilizing third party vendors or storing data in the cloud, the cloud provider or security system vendor are giving you an extra guarantee of safety.

One of the key reasons for this is that these companies need to conform to higher standards than regular companies. Lindsey LaManna from SAP explains it as 'security is actually increased when using cloud solutions due to strict ISO security standards that cloud providers must adhere to, in addition to the regular security audits.' In addition to these higher standards, there is also the damage that would be done should data be lost from their system, meaning that their first aims will always be to create a robust and safe system.

Educate And Hire Trustworthy Staff

According to the Verizon Data Breach Report, around 80% of all hacks in their study occurred due to phishing attacks or credentials being stolen or misused. This points towards needing education for employees on keeping their information safe and hiring trustworthy staff, rather than complex multi-million dollar systems to stop hackers.

Often (55% of the time according to the report) the hacks are undertaken by those inside the company, something that was suspected with the recent Ashley Madison and Sony hacks. 40% of these are believed to have done so for financial gain, whilst others may have done so unwittingly (installing infected software etc), but the results are the same regardless. It means that, strangely, HR departments have as much impact on data security as almost anybody else in the company.